dependabot[bot]
46b9e4803e
Build: Bump the github-actions group with 2 updates
...
Bumps the github-actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/checkout` from 4.1.2 to 4.1.6
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](9bb56186c3...a5ac7e51b4
)
Updates `github/codeql-action` from 3.24.9 to 3.25.8
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1b1aada464...2e230e8fe0
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Closes gh-5505
2024-06-06 00:05:28 +02:00
dependabot[bot]
df1df9503a
Build: Bump actions/cache, actions/checkout & github/codeql-action
...
1. Bump actions/cache from 4.0.1 to 4.0.2
Bumps [actions/cache](https://github.com/actions/cache ) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](ab5e6d0c87...0c45773b62
)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
2. Bump github/codeql-action from 3.24.6 to 3.24.9
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.6 to 3.24.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8a470fddaf...1b1aada464
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Bump actions/checkout from 4.1.1 to 4.1.2
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](b4ffde65f4...9bb56186c3
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Closes gh-5462
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-02 23:35:25 +02:00
dependabot[bot]
ae67ace649
Build: Bump github/codeql-action from 3.24.0 to 3.24.6
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.0 to 3.24.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e8893c57a1...8a470fddaf
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Close gh-5425
2024-03-10 10:37:30 -04:00
dependabot[bot]
bf11739f6c
Build: Bump actions/cache & github/codeql-action ( #5402 )
...
* Build: Bump actions/cache from 3.3.2 to 4.0.0
Bumps [actions/cache](https://github.com/actions/cache ) from 3.3.2 to 4.0.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](704facf57e...13aacd865c
)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-major
...
* Build: Bump github/codeql-action from 3.22.12 to 3.24.0
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.22.12 to 3.24.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](012739e508...e8893c57a1
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
---------
Closes gh-5402
Closes gh-5415
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-11 01:45:15 +01:00
dependabot[bot]
99151d7ab0
Build: Bump actions/setup-node and github/codeql-action
...
1: Bump actions/setup-node from 4.0.0 to 4.0.1
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](8f152de45c...b39b52d121
)
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-type: direct:production
update-type: version-update:semver-patch
...
2: Bump github/codeql-action from 2.22.5 to 3.22.12
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.5 to 3.22.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](74483a38d3...012739e508
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Closes gh-5381
Closes gh-5382
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-03 16:30:28 +01:00
Michał Gołębiowski-Owczarek
c98597eaf5
Build: Reformat GitHub workflow Yaml files
...
Use Prettier 3.1.0 to reformat the Yaml files. This makes their format identical
to the one used on `3.x-stable`, making for much easier cherry-picks.
The main difference is the list under `steps:` was not indented while all other
lists were.
Closes gh-5364
2023-11-20 18:20:16 +01:00
Michał Gołębiowski-Owczarek
fb0cc27291
Build: Bump @babel/traverse & multiple actions
...
1: Bump actions/cache from 3.3.1 to 3.3.2
Bumps [actions/cache](https://github.com/actions/cache ) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](88522ab9f3...704facf57e
)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
2: Bump actions/checkout from 3.6.0 to 4.1.1
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.6.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](f43a0e5ff2...b4ffde65f4
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
3: Bump github/codeql-action from 2.21.5 to 2.22.5
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.5 to 2.22.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](00e563ead9...74483a38d3
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
4: Bump actions/setup-node from 3.8.1 to 4.0.0
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 3.8.1 to 4.0.0.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](5e21ff4d9b...8f152de45c
)
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-type: direct:production
update-type: version-update:semver-major
...
5: Bump @babel/traverse from 7.22.5 to 7.23.2
Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse ) from 7.22.5 to 7.23.2.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse )
---
updated-dependencies:
- dependency-name: "@babel/traverse"
dependency-type: indirect
...
Closes gh-5341
Closes gh-5349
Closes gh-5354
Closes gh-5355
Closes gh-5356
Closes gh-5363
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-13 18:44:30 +01:00
Michał Gołębiowski-Owczarek
635cb152e7
Build: Don't run CI push workflows for dependabot branches
...
Without this change, dependabot PRs run double checks - one set for the `push`
part and one for the `pull_request` part.
Closes gh-5353
2023-11-13 18:18:20 +01:00
dependabot[bot]
42e50f8c21
Build: Bump actions/checkout, actions/setup-node & github/codeql-action
...
1: Bump actions/checkout from 3.5.3 to 3.6.0
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](c85c95e3d7...f43a0e5ff2
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
2: Bump actions/setup-node from 3.6.0 to 3.8.1
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 3.6.0 to 3.8.1.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](64ed1c7eab...5e21ff4d9b
)
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-type: direct:production
update-type: version-update:semver-minor
...
3: Bump github/codeql-action from 2.20.1 to 2.21.5
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.20.1 to 2.21.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f6e388ebf0...00e563ead9
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Closes gh-5311
Closes gh-5312
Closes gh-5313
Signed-off-by: dependabot[bot] <support@github.com>
2023-09-06 16:39:00 +02:00
dependabot[bot]
4a13266efd
Build: Bump github/codeql-action & actions/checkout
...
1: Bump github/codeql-action from 2.3.6 to 2.20.1
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.6 to 2.20.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](83f0fe6c49...f6e388ebf0
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
2: Build: Bump actions/checkout from 3.5.2 to 3.5.3
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e5e7e5ab8...c85c95e3d7
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Closes gh-5283
Closes gh-5284
2023-07-02 20:10:07 +02:00
Gabriela Gutierrez
784b9ba6e4
Build: Reference GitHub Actions by commit SHAs
...
The SHAs are verified to come from the original repositories and not forks.
For reference:
https://github.com/github/codeql-action/releases/tag/v2.3.6
83f0fe6c49
https://github.com/actions/checkout/releases/tag/v3.5.2
8e5e7e5ab8
https://github.com/actions/cache/releases/tag/v3.3.1
88522ab9f3
https://github.com/actions/setup-node/releases/tag/v3.6.0
64ed1c7eab
Fixes gh-5266
Closes gh-5269
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2023-06-13 23:22:07 +02:00
Alex
c909d6b1ff
Build: Limit permissions for GitHub workflows
...
Add explicit permissions section[^1] to workflows. This is a security
best practice because by default workflows run with extended set
of permissions[^2] (except from `on: pull_request` from external forks[^3].
By specifying any permission explicitly all others are set to none. By using
the principle of least privilege the damage a compromised workflow can do
(because of an injection[^4] or compromised third party tool or action) is
restricted. It is recommended to have most strict permissions on the top
level[^5] and grant write permissions on job level[^6] on a case by case
basis.
[^1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
[^2]: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
[^3]: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
[^4]: https://securitylab.github.com/research/github-actions-untrusted-input/
[^5]: https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
[^6]: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
Closes gh-5119
2022-12-01 14:23:17 +01:00
Baoshuo Ren
016872ffe0
Docs: Remove git.io from a GitHub Actions comment
...
All links on git.io are deprecated and may stop redirecting at a certain point.
See https://github.blog/changelog/2022-04-25-git-io-deprecation/
Closes gh-5036
2022-07-12 17:27:04 +02:00
Michał Gołębiowski-Owczarek
52f452b2e8
Build: Update GitHub Actions
...
* Build(deps): Bump github/codeql-action from 1 to 2
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v1...v2 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
* Build(deps): Bump actions/cache from 2 to 3
Bumps [actions/cache](https://github.com/actions/cache ) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-major
...
* Build(deps): Bump actions/setup-node from 2.1.2 to 3.3.0
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 2.1.2 to 3.3.0.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](https://github.com/actions/setup-node/compare/v2.1.2...v3.3.0 )
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-type: direct:production
update-type: version-update:semver-major
...
* Build(deps): Bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Closes gh-5067
2022-06-27 18:53:31 +02:00
Timmy Willison
39c5778c64
build: set up periodic code scanning analysis
2020-06-25 17:32:02 -04:00